Cybersecurity researchers at Positive Technologies have detected several severe flaws in the Fortinet FortiWeb web application firewall. According to the security experts, threat actors could use these flaws to break into corporate networks.
The Fortinet FortiWeb web application firewall (WAF) is designed to shield servers from web-based attacks, but it was itself found vulnerable to SQL injection. Andrey Medov, one of the security experts who detected the flaws, stated that the vulnerabilities include:
- A blind SQL injection.
- A stack-based buffer overflow problem.
- A buffer overflow.
- A format string vulnerability that could lead to the execution of malicious code or instructions, or to denial-of-service (DoS) conditions.
Flaws
FortiGate SSL VPN logs may display events of users in a different VDOM
This vulnerability could easily allow remote hackers to read the SSL VPN event log records of users in other VDOMs just by executing “get vpn ssl monitor”…